An Australia-based National Disability Insurance Scheme (NDIS) service provider, CTARS, announced suffering from a data breach that exposed a massive volume of patient records and other sensitive data to the public.
Last May 15, the systems of the healthcare software and analytics provider CTARS were infiltrated by unauthorised entities, and learned that a sample of the stolen data was published on the dark web one week after the incident.
According to security researchers, over 12,000 email addresses were stolen in the attack, mostly owned by healthcare institutions’ employees than those by patients. CTARS had not disclosed other details about the data compromised from the breach, but on their website, the service provider said to have considered all information kept in their database as compromised.
CTARS’ website holds a large volume of health records, documents, and client personal information, alongside their staff and patients. The service provider has also alerted NDIS participants about being cautious against suspicious activities involving their information since they are included among those whose data were compromised.
CTARS also added that the data included in the breach might comprise patients’ diagnosis details, such as their treatment procedures and medical conditions.
Furthermore, the data breach could have included financial records like pensioner cards and health insurance details from Medicare. The massive volume of compromised data made it difficult for the service provider to confirm its extent to their clients and security researchers. However, all NDIS clients would be reached to keep posted about the incidents’ progress.
NDIA had also confirmed being in touch with CTARS concerning the issue. According to an NDIA representative, their partnership with CTARS had been significant, especially with utilising a cloud-based client management system (CMS) vital for the healthcare sector. The NDIA representative assured their participants that the data breach was not of the NDIA systems and that they take matters of cybersecurity as an extremely serious matter.
The affected service provider had already contacted cybersecurity supports to aid them with navigating, analysing, and mitigating the data breach. CTARS also extended their regrets to all impacted individuals because of the unexpected cybersecurity compromise.
